Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 23 Sep 2025 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-287 |
Tue, 23 Sep 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-306 |
Tue, 15 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Fri, 06 Dec 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 |
Tue, 03 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Tue, 03 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
ssvc
|
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Projectsend
Projectsend projectsend |
|
CPEs | cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:* | |
Vendors & Products |
Projectsend
Projectsend projectsend |
|
Metrics |
ssvc
|
Tue, 26 Nov 2024 10:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. | |
Title | ProjectSend Unauthenticated Configuration Modification | |
Weaknesses | CWE-287 | |
References |
|
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-09-23T15:16:51.860Z
Reserved: 2024-11-25T15:03:30.218Z
Link: CVE-2024-11680

Updated: 2024-11-26T14:19:04.072Z

Status : Modified
Published: 2024-11-26T10:15:04.540
Modified: 2025-09-23T16:15:29.890
Link: CVE-2024-11680

No data.

No data.